From owner-cvs-all  Fri Mar  3 22:52:46 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3A2C237B6F5; Fri,  3 Mar 2000 22:52:44 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Received: (from kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id WAA07072;
	Fri, 3 Mar 2000 22:52:44 -0800 (PST)
	(envelope-from kris@FreeBSD.org)
Message-Id: <200003040652.WAA07072@freefall.freebsd.org>
From: Kris Kennaway <kris@FreeBSD.org>
Date: Fri, 3 Mar 2000 22:52:43 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/mh Makefile
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

kris        2000/03/03 22:52:43 PST

  Modified files:
    mail/mh              Makefile 
  Log:
  Put on my security hardhat and mark this port FORBIDDEN - it has a buffer
  overflow in the MIME parsing code which is remotely exploitable via
  email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade.
  
  Because this software is apparently no longer under active development it
  may be unlikely to get fixed.
  
  Obtained from:	Dan Harkless <dan-bugtraq@dilvish.speed.net> via BugTraq
  
  Revision  Changes    Path
  1.16      +3 -1      ports/mail/mh/Makefile



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message